ML092380380: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
 
(Created page by program invented by StriderTol)
Line 88: Line 88:
LER 263/08-005  TDP-XHE-XL-LEVEL was set to 1.0x10
LER 263/08-005  TDP-XHE-XL-LEVEL was set to 1.0x10
-2. This event represents the probability of operators failing to terminate HPCI/RCIC flow prior to overfilling the reactor vessel into the steam piping and potentially damaging the pumps. This event was evaluated using the SPAR-H Method (Reference 4). It was determined that this human failure event required diagnostic activity. All diagnostic performance shaping factors were determined to be nominal; therefore, the failure probability was calculated as 1.0x10
-2. This event represents the probability of operators failing to terminate HPCI/RCIC flow prior to overfilling the reactor vessel into the steam piping and potentially damaging the pumps. This event was evaluated using the SPAR-H Method (Reference 4). It was determined that this human failure event required diagnostic activity. All diagnostic performance shaping factors were determined to be nominal; therefore, the failure probability was calculated as 1.0x10
-2. REFERENCES            
-2. REFERENCES
: 1. Xcel Energy, "LER 263-2008-005, Rev. 0, Reactor Scram due to Loss of Normal Offsite Power, Event Date of September 11, 2008," dated November 07, 2008.  
: 1. Xcel Energy, "LER 263-2008-005, Rev. 0, Reactor Scram due to Loss of Normal Offsite Power, Event Date of September 11, 2008," dated November 07, 2008.
: 2. U.S. Nuclear Regulatory Commission, "Monticello Nuclear Generating Plant Special Inspection Report 05000263/2008009," dated December 16, 2008.  
: 2. U.S. Nuclear Regulatory Commission, "Monticello Nuclear Generating Plant Special Inspection Report 05000263/2008009," dated December 16, 2008.
: 3. Idaho National Laboratory, "Standardized Plant Analysis Risk Model for Monticello," Revision 3.45, dated June 2008.  
: 3. Idaho National Laboratory, "Standardized Plant Analysis Risk Model for Monticello," Revision 3.45, dated June 2008.
: 4. Idaho National Laboratory, "NUREG/CR-6883: The SPAR-H Human Reliability Analysis Method,"
: 4. Idaho National Laboratory, "NUREG/CR-6883: The SPAR-H Human Reliability Analysis Method,"
dated August 2005.  
dated August 2005.
: 5. U.S. Nuclear Regulatory Commission, "RASP Handbook: Internal Events," Revision 1.01, dated January 2008.
: 5. U.S. Nuclear Regulatory Commission, "RASP Handbook: Internal Events," Revision 1.01, dated January 2008.
LER 263/08-005 APPENDIX A GEM WORKSHEET SAPHIRE Code Version
LER 263/08-005 APPENDIX A GEM WORKSHEET SAPHIRE Code Version

Revision as of 19:08, 11 July 2019

LER 263/2008-005, Monticello, Partial Loss of Offsite Power Event with HPCI High Level Instrument Trip Failures
ML092380380
Person / Time
Site: Monticello Xcel Energy icon.png
Issue date: 09/03/2009
From:
Office of Nuclear Regulatory Research
To:
Hunter C, 251-7575 RES/DRA
Shared Package
ML092380378 List:
References
LER 263/2008-005
Download: ML092380380 (12)


Text

Final Precursor Analysis Accident Sequence Precursor Program - Office of Nuclear Regulatory Research Monticello Partial Loss Of Offsite Power Event With HPCI High Level Instrument Trip Failures Event Date: 09/11/2008 LER: 263/2008-005 CCDP = 1x10-5 EVENT

SUMMARY

Event Description. On September 11, 2008, Monticello Nuclear Generating Plant experienced a line fault on the supply line to the 2R Transformer. The 1R Transformer was out-of-service for planned maintenance when the event started. With both the 1R and 2R Transformers unavailable, the offsite electrical power supply to the non-safety buses was lost, resulting in a reactor scram with loss of the normal heat sink. The unit also experienced Group 1, 2 and 3 isolations of containment and the reactor pressure vessel. The 1AR Transformer remained available and the safety buses automatically transferred to that source as designed. Both emergency diesel generators (EDGs) started and were running, but did not load as offsite power was available to the safety buses.

Since the normal heat sink was lost as a result of main steam isolation valve (MSIV) closure and loss of electrical power to support equipment, operators used the reactor core isolation cooling system (RCIC), the high pressure coolant injection (HPCI), the safety relief valves (SRVs) and the torus cooling system for pressure and level control. The licensee decided to place the plant in Mode 4 (Cold Shutdown) pending assessment of the transient. Subsequently, the licensee restored the 1R Transformer and

returned power to the non-safety buses.

The licensee documented their event details in Refe rence 1. NRC conducted a special inspection of the event; inspection findings are documented in Reference 2.

Cause. The root cause of the event was the A and B phase conductors supplying power to the 2R Transformer faulted to ground, resulting in the 34.5 kV breaker opening as designed to protect equipment from fault current damage. The opening of the 34.5 kV Breaker with the 1R Transformer out of service resulted in a loss of normal offsite power and a reactor scram. Due to the destruction of the failed insulation (splice and cable), the exact failure mechanism was not determined.

Additional Event Details. The HPCI turbine failed to trip at the +48 inch reactor vessel level signal. Operators manually isolated the steam line for the turbine. HPCI was declared inoperable. An investigation determined the failure of the HPCI to trip was due to three effects: (1) the trip solenoid valve had been misassembled, (2) no periodic maintenance on the valve, and a battery voltage well above the minimum required, but slightly below the normally observed voltage.

In addition, Division I of Residual Heat Removal Service Water (RHRSW) was out of service for maintenance at the onset of the reactor trip and during event recovery.

Recovery Opportunities.

The licensee determined that recovery of the 1R Transformer was possible within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> (Reference 1).

LER 263/08-005 Analysis Rules. The ASP program uses Significance Determination Process (SDP) results for degraded conditions when available. However, the ASP program performs independent initiating event analysis when an initiator occurs and a condition analysis when there are no performance deficiencies identified for a particular event. In addition, the ASP program analyzes separate degraded conditions that were present during the same period and similar degraded conditions on an individual system or component that had different performance deficiencies.

Five GREEN findings have been identified for this event and are described in Reference 2. Therefore, this analysis focuses solely on the risk of the reactor trip and loss of offsite power to the non-safety buses that occurred.

ANALYSIS RESULTS

Conditional Core Damage Probability. The point estimate conditional core damage probability (CCDP) value for this event is 1.4x10

-6. The results of an uncertainty assessment on the event CCDP are summarized below.

5% Mean 95% CCDP 1.9x10-6 1.4x10-5 4.5x10-5 The Accident Sequence Precursor Program acceptance threshold is a CCDP of 1x10

-6 or the CCDP equivalent of an uncomplicated reactor trip with a non-recoverable loss of secondary plant systems (e.g., feed water and condensate), whichever is greater. This CCDP equivalent for Monticello is 2x10

-6. Dominant Sequence. The dominant accident sequence, Loss of Condenser Heat Sink (LOCHS) Sequence 62 (CCDP = 1.1x10

-5) contributes 78.6% of the total internal events CCDP. Additional sequences that contribute at least 1% of the total internal events CCDP are provided in Appendix A (GEM Worksheet).

The dominant sequence is shown graphically in Figure B-1 (Appendix B). The events and important component failures in LOCHS Sequence 62 are:

LOCHS occurs due to loss of offsite power to the non-safety buses, reactor scram succeeds, SRVs successfully close (if opened), main feedwater fails, high-pressure injection (HPCI/RCIC) fails, manual reactor depressurization succeeds, condensate injection fails, low-pressure injection (LPCI/CS) fails, and alternate low-pressure injection fails.

LER 263/08-005 GEM Worksheet. The GEM analysis worksheet contained in Appendix A provides the following:

Modified basic events and initiating event frequencies, including base and change case probabilities/frequencies. Dominant sequences (including CCDPs). Sequence logic for all dominant sequences. Fault tree definitions. Sequence cutsets. Definitions and probabilities for key basic events.

MODELING ASSUMPTIONS Analysis Type. The Revision 3-Plus (Change 3.45) of the Monticello Standardized Plant Analysis Risk (SPAR) model (Reference 3) created in June 2008 was used for this event analysis. This event was modeled as a loss of condenser heat sink initiating event with the unavailability of offsite power to the

non-safety buses.

Unique Design Features. Monticello has the following unique design features that are pertinent to this

event assessment:

Reserve Auxiliary Transformer 1AR. Auxiliary power is supplied by the Station Auxiliary Transformer 2R during normal power operation. However, provisions are made for an automatic, fast transfer of the auxiliary load to the Reserve Transformer 1R. In the event Reserve Transformer 1R is unable to accept load, the essential buses are automatically transferred to the Reserve Auxiliary Transformer 1AR. Reserve Auxiliary Transformer 1AR is sized to provide only the plant's essential 4160 V buses and connected loads.

Control Rod Drive System. Modifications made to the control rod drive (CRD) return flow required analysis and testing to ensure this source of high-pressure water flow was not reduced below a water boil-off rate due to decay heat generation 40 minutes following shutdown from rated power and the maximum leakage rate from the primary system. The analysis was redone using up-to-date thermal power and decay heat curve. This analysis indicates that a flow rate of 100.9 gpm is required to maintain the water level above the top of the active fuel. Additional flow to the vessel can be obtained by opening the two outboard isolation valves to the reactor

water cleanup return line. In this mode of operation, one CRD pump can be used to add as

much as 150 gpm to reactor vessel.

Modeling Assumptions. The following modeling assumptions were determined to be vital to this event analysis:

Loss of Condenser Heat Sink Initiating Event. This analysis models the September 11, 2008 reactor scram at Monticello as a loss of condenser heat sink initiating event. A loss of offsite power to the non-safety buses resulted in the unavailability of the feedwater, condensate, recirculation, and circulating water systems. In addition, the unavailability of both the 1R and 2R Transformers caused a Group 1 isolation (i.e., the MSIVs automatically closed).

LER 263/08-005 Power Recovery to Non-Safety Bus. Offsite power recovery to a non-safety bus was possible six hours after the initiating event occurred. To reenergize a non-safety bus, Reserve Transformer 1R would need to be placed back into service from the ongoing maintenance activity. In this analysis, time for recovery is assumed to be available if high-pressure injection (HPCI/RCIC) is successful.

Failure of HPCI/RCIC High Reactor Vessel Level Trip. The high reactor vessel level automatic trip for HPCI/RCIC failed during event recovery. Operator action was required to prevent over-filling the reactor vessel and prevent the unavailability and potential damage to RCIC and HPCI turbine-driven pumps.

Division I RHRSW Unavailable. Division I of RHRSW was unavailable due to maintenance and was assumed to be non-recoverable during the event.

Fault Tree Modifications. The following fault tree modifications were necessary to perform this event analysis:

Condensate. The condensate pumps fault tree (CDS-PMPS) was modified to account for initial loss of the condensate system (i.e., it balance-of-plant function) due to the loss of power to the non-safety buses. However, if HPCI and/or RCIC were initially available, condensate could be available later. The 'AND' Gate CDS-LOOP1 and the subsequent logic (including basic event (OPR-XHE-XL-NONVITAL) were added to model the initial loss of condensate and the potential recovery of the low-pressure injection function of the condensate system. See Figure C-1 (Appendix C) for modified CDS-PMPS fault tree.

HPCI and RCIC. The basic event TDP-XHE-XL-LEVEL was added to the HPCI and RCIC turbine-driven pump faults trees to account for the required operator action to secure the pumps due to the failure of the automatic high reactor vessel level trip. See Figure C-2 (HCI-TDP) and Figure C-3 (RCI-TDP) in Appendix C for the modified HPCI and RCIC fault trees.

Basic Event Probability Changes. The following initiating event frequencies and basic event probabilities were modified for this event analysis:

IE-LOCHS set to 1.0. The loss of condenser heat sink (LOCHS) initiating event frequency was set 1.0 to represent the operational event that occurred at Monticello on September 11, 2008.

All other initiating events frequencies were set to zero.

LOOP-NONVITAL was set to TRUE. This event was set to TRUE because Monticello experienced a loss of offsite power to the non-safety buses during the event.

OPR-XHE-XL-NONVITAL. This event represents the probability of operators failing to restore power to a non-safety bus given successful high-pressure injection (HPCI/RCIC). This event was evaluated using the SPAR-H Method (Reference 4). It was determined that this human failure event required diagnostic activity. All diagnostic performance shaping factors were determined to be nominal; therefore, the failure probability was calculated as 1.0x10

-2. RSW-MDP-TM-TRNA and RSW-MDP-TM-TRNC were set to TRUE. These basic events were set to TRUE because Division I RHRSW was unavailable due to maintenance

LER 263/08-005 TDP-XHE-XL-LEVEL was set to 1.0x10

-2. This event represents the probability of operators failing to terminate HPCI/RCIC flow prior to overfilling the reactor vessel into the steam piping and potentially damaging the pumps. This event was evaluated using the SPAR-H Method (Reference 4). It was determined that this human failure event required diagnostic activity. All diagnostic performance shaping factors were determined to be nominal; therefore, the failure probability was calculated as 1.0x10

-2. REFERENCES

1. Xcel Energy, "LER 263-2008-005, Rev. 0, Reactor Scram due to Loss of Normal Offsite Power, Event Date of September 11, 2008," dated November 07, 2008.
2. U.S. Nuclear Regulatory Commission, "Monticello Nuclear Generating Plant Special Inspection Report 05000263/2008009," dated December 16, 2008.
3. Idaho National Laboratory, "Standardized Plant Analysis Risk Model for Monticello," Revision 3.45, dated June 2008.
4. Idaho National Laboratory, "NUREG/CR-6883: The SPAR-H Human Reliability Analysis Method,"

dated August 2005.

5. U.S. Nuclear Regulatory Commission, "RASP Handbook: Internal Events," Revision 1.01, dated January 2008.

LER 263/08-005 APPENDIX A GEM WORKSHEET SAPHIRE Code Version

7.27.0.41 SPAR Model Version
Monticello 3.45 (June 2008)

Analysis Type

Initiating Event Assessment Event Description
Loss of Condenser Heat Sink (LOCHS) With Loss of Offsite Power to the Non-Safety Buses.

Total CCDP

1.4E-5 (Point Estimate & Mean)

Basic Event Changes Base Current Event Name Description Probability Probability IE-IORV Inadvertent Open Relief Valve 2.0E-002 0.0E+000 IE-ISL-RHR ISLOCA (2-MOV RHR Interface) 4.0E-006 0.0E+000 IE-LLOCA Large LOCA 1.0E-005 0.0E+000 IE-LOACB-A Loss of Vital Bus A 4.5E-003 0.0E+000 IE-LOACB-B Loss of Vital Bus B 4.5E-003 0.0E+000 IE-LOCHS Loss of Condenser Heat Sink 2.0E-001 1.0E+000 IE-LODCB-A Loss of Vital DC Bus A 6.0E-004 0.0E+000 IE-LODCB-B Loss of Vital DC Bus B 6.0E-004 0.0E+000 IE-LOIAS Loss of Instrument Air 1.0E-002 0.0E+000 IE-LOMFW Loss of Feedwater 1.0E-001 0.0E+000 IE-LOOP Loss of Service Water 4.0E-004 0.0E+000 IE-MANSD Manual Shutdown 1.7E+000 0.0E+000 IE-MLOCA Medium LOCA 1.0E-004 0.0E+000 IE-SLOCA Small LOCA 6.0E-004 0.0E+000 IE-TRANS General Plant Transient 8.0E-001 0.0E+000 IE-XLOCA Excessive LOCA (Vessel Rupture) 1.0E-007 0.0E+000 LOOP-NONVITAL Loss of Offsite Power to Non-Safety Buses 0.0E+000 TRUE OPR-XHE-XL-NONVITAL Operator Fails to Restore Power to a Non-Safety Bus IGNORE 1.0E-002 RSW-MDP-TM-TRNA RHRSW Train A Is Unavailable Due to Maintenance 0.0E+000 TRUE RSW-MDP-TM-TRNC RHRSW Train C Is Unavailable Due to Maintenance 0.0E+000 TRUE TDP-XHE-XL-LEVEL Operator Fails To Secure TDPs Prior to Water Induction 0.0E+000 1.0E-002 Dominant Sequences Event Tree Sequence CCDP % Contribution LOCHS 62 1.1E-005 78.6 LOCHS 19 1.8E-006 12.9 LOCHS 39 3.9E-007 2.8 LOCHS 69 3.1E-007 2.2

Sequence Logic Event Tree Sequence Logic LOCHS 62 /RPS /SRV MFW HPI /DEP CDS LPI VA LOCHS 19 /RPS /SRV MFW /HPI SPC /DEP /CDS SDC CSS PCSR CVS LI01 LOCHS 39 /RPS /SRV MFW /HPI SPC DEP CRD LOCHS 69 /RPS /SRV MFW HPI DEP CRD A-1 LER 263/08-005 Fault Tree Descriptions Fault Tree Description CDS Condensate CRD CRD Injection (2 Pumps) CSS Containment Spray CVS Containment Venting DEP Manual Reactor Depress HPI High Pressure Injection (RCIC or HPCI) LI01 Monticello Late Injection Fails LPI Low Pressure Injection (CS or LPCI) MFW Main Feedwater PCSR Power Conversion System Recovery RPS Reactor Shutdown SDC Shutdown Cooling SPC Suppression Pool Cooling SRV SRVs Close VA Alternate Low Press Injection

Sequence Cutsets

Sequence: LOCHS 62 CCDP: 1.1E-005 CCDP % Cutset Cutset Events 1.0E-005 88.45 LPI-XHE-XO-LVLCTL TDP-XHE-XL-LEVEL 1.8E-007 1.59 HCI-MOV-CC-IVFRO HCI-MULTIPLE-INJECT HCI-XHE-XL-INJECT LPI-XHE-XO-LVLCTL RCI-TDP-TM-TRAIN 1.3E-007 1.11 HCI-MOV-CC-IVFRO HCI-MULTIPLE-INJECT HCI-XHE-XL-INJECT LPI-XHE-XO-LVLCTL RCI-TDP-FS-TRAIN 8.4E-008 0.74 LPI-XHE-XO-LVLCTL HCI-TDP-TM-TRAIN RCI-TDP-FS-TRAIN 7.4E-008 0.65 HCI-MOV-CC-IVFRO HCI-MULTIPLE-INJECT HCI-XHE-XL-INJECT LPI-XHE-XO-LVLCTL RCI-TDP-FR-TRAIN 7.0E-008 0.62 LPI-XHE-XO-LVLCTL RCI-TDP-TM-TRAIN HCI-TDP-FS-TRAIN

Sequence: LOCHS 19 CCDP: 1.8E-006 CCDP % Cutset Cutset Events 1.0E-006 55.96 RHR-XHE-XO-CHR 5.5E-007 30.78 CVS-XHE-XM-RVENT PCS-XHE-XL-LTLCHS CFAILED OPR-XHE-XE-IDSHED CFAILED1 1.3E-007 7.39 HCI-MOV-CC-IVFRO CVS-XHE-XM-RVENT HCI-XHE-XL-INJECT PCS-XHE-XL-LTLCHS OPR-XHE-XE-IDSHED CFAILED1 Sequence: LOCHS 39 CCDP: 3.9E-007 CCDP % Cutset Cutset Events 1.1E-007 28.41 OPR-XHE-XM-INJEC OPR-XHE-XE-IDSHED 6.1E-008 15.63 ADS-XHE-XM-MDEPR OPR-XHE-XE-IDSHED CRD-XHE-XM-BRKRS 4.4E-008 11.36 ADS-XHE-XM-MDEPR CRD-MDP-TM-TRNA OPR-XHE-XE-IDSHED 4.4E-008 11.36 ADS-XHE-XM-MDEPR CRD-MDP-TM-TRNB OPR-XHE-XE-IDSHED 2.0E-008 5.16 SPC-MOV-CC-LOOPB OPR-XHE-XM-INJEC 1.1E-008 2.84 ADS-XHE-XM-MDEPR CRD-MDP-FS-TRNB OPR-XHE-XE-IDSHED A-2 LER 263/08-005 A-3 Sequence: LOCHS 69 CCDP: 3.1E-007 CCDP % Cutset Cutset Events 1.0E-007 31.97 OPR-XHE-XM-INJEC TDP-XHE-XL-LEVEL 5.5E-008 17.58 ADS-XHE-XM-MDEPR TDP-XHE-XL-LEVEL CRD-XHE-XM-BRKRS 4.0E-008 12.79 ADS-XHE-XM-MDEPR CRD-MDP-TM-TRNB TDP-XHE-XL-LEVEL 4.0E-008 12.79 ADS-XHE-XM-MDEPR CRD-MDP-TM-TRNA TDP-XHE-XL-LEVEL 1.0E-008 3.20 ADS-XHE-XM-MDEPR CRD-MDP-FS-TRNA TDP-XHE-XL-LEVEL 1.0E-008 3.20 ADS-XHE-XM-MDEPR CRD-MDP-FS-TRNB TDP-XHE-XL-LEVEL 1.0E-008 3.20 ESF-ACT-FC-LEVEL OPR-XHE-XM-INJEC 5.0E-009 1.60 ADS-XHE-XM-MDEPR RBC-MOV-OO-ISOL TDP-XHE-XL-LEVEL 5.0E-009 1.60 ADS-XHE-XM-MDEPR TDP-XHE-XL-LEVEL CRD-XHE-XM-PUMP Basic Events (Cutsets Only)

Current Event Name Description Probability ACP-BAC-LP-DII Division II AC Power Buses Fail 9.6E-006 ADS-XHE-XM-MDEPR Operator Fails To Depressurize the Reactor 5.0E-004 CFAILED Containment Failure Causes Loss of All Low-Pressure Injection 5.0E-001 CFAILED1 Containment Failure Causes Loss of CRD/FW Injection 1.0E-001 CRD-MDP-FS-TRNA CRD Pump P-201A Fails To Start 2.0E-003 CRD-MDP-FS-TRNB CRD Pump P-201B Fails To Start 2.0E-003 CRD-MDP-TM-TRNA CRD Train A Is Unavailable Because Of Maintenance 8.0E-003 CRD-MDP-TM-TRNB CRD Train B Is Unavailable Because Of Maintenance 8.0E-003 CRD-XHE-XM-BRKRS Operator Fails To Close CRD-RBCW Breakers 1.1E-002 CRD-XHE-XM-PUMP Operator Fails To Start the Standby CRD Pump 1.0E-003 CVS-XHE-XM-RVENT Operator Fails To Vent Containment (Remote Operation) 1.0E-003 DCP-BAT-LP-BATTB Division II Battery Fails 4.8E-005 DCP-XHE-XL-BRKRS Operator Fails To Close DC Powered Breakers Locally 3.4E-001 ESF-ACT-FC-LEVEL ESF Actuation Fails 1.0E-003 HCI-MOV-CC-IVFRO HPCI Injection Valve (MOV HPCI-2061) Fails To Reopen 1.5E-001 HCI-MULTIPLE-INJECT Probability of Multiple HPCI Injections 1.5E-001 HCI-TDP-FS-TRAIN HPCI Pump P-209 Fails To Start 7.0E-003 HCI-TDP-TM-TRAIN HPCI Train Is Unavailable Because Of Maintenance 1.2E-002 HCI-XHE-XL-INJECT Operator Fails To Recover HPCI Injection Valve Reopening 8.0E-001 LPI-XHE-XO-LVLCTL Operator Fails to Control Level Using Low-Pressure Injection 1.0E-003 OPR-XHE-XE-IDSHED Operator Fails To Identify Load Shedding As Cause of Failure 1.1E-002 OPR-XHE-XM-INJEC Operator Fails To Detect Need for Injection within 45 Minutes 1.0E-005 PCS-XHE-XL-LTLCHS Operator Fails To Recover the PCS in the Long Term 1.0E+000 RBC-MOV-OO-ISOl RBCCW Isolation Valve Fails To Close 1.0E-003 RCI-TDP-FR-TRAIN RCIC Pump P-207 Fails To Run Given That It Started 4.1E-003 RCI-TDP-FS-TRAIN RCIC Pump P-207 Fails To Start 7.0E-003 RCI-TDP-TM-TRAIN RCIC Pump Train Is Unavailable Because Of Maintenance 1.0E-002 RHR-XHE-XO-CHR Operator Fails To Start/Control RHR (Dependent Event) 1.0E-006 RHR-XHE-XO-ERROR Operator Fails To Start/Control RHR 5.0E-004 SPC-MOV-CC-LOOPB SPC Injection Valves LPCI-2007 and LPCI-2009 Fail To Open 2.0E-003 TDP-XHE-XL-LEVEL Operator Fails To Secure Pumps Prior To Water 1.0E-002 LER 263/08-005 APPENDIX B EVENT TREE WITH DOMINANT SEQUENCE HIGHLIGHTED LILATEINJECTIONCVSCONTAINMENTVENTINGPCSRPOWERCONVERSIONSYSTEMRECOVERYCSSCONTAINMENTSPRAYSDCSHUTDOWNCOOLINGDEPMANUALREACTORDEPRESS SPCSUPPRESSIONPOOLCOOLING VAALTERNATELOW PRESSINJECTIONLPILOWPRESSUREINJECTION(CS or LPCI)CDSCONDENSATECRDCRDINJECTION(2 PUMPS)DEPMANUALREACTORDEPRESS SPCSUPPRESSIONPOOLCOOLING(EARLY)HPIHIGHPRESSUREINJECTION(RCIC or HPCI)MFWFEEDWATERSRVSRV'SCLOSERPSREACTORSHUTDOWNIE-LOCHSLOSS OFCONDENSERHEAT SINK# END-STATE2 OK3 OK4 OK5 OK6 OK7 CD8 OK9 OK10 OK11 OK12 CD13 OK14 OK15 OK16 OK17 OK18 OK19 CD20 OK21 OK22 OK23 OK24 CD 25 OK26 CD27 OK 28 OK29 OK30 OK 31 OK32 CD33 CD34 OK35 OK 36 OK37 OK38 CD 39 CD40 OK41 OK 42 OK43 OK44 OK 45 OK46 CD47 OK 48 OK49 OK50 OK51 OK52 CD 53 OK54 CD55 OK 56 OK57 OK58 OK 59 OK60 OK61 CD 62 CD63 OK64 OK 65 OK66 OK67 OK 68 CD69 CD70T 1SORV71T ATWS P1 SP1SD1CS1SD1CS1LI01LI01LI01LI01LI01LI01 LI01LI01LI01 Figure B-1: Loss of Condenser Heat Sink Event Tree (w/ Dominant Sequence Highlighted).

B-1 LER 263/08-005 APPENDIX C MODIFIED FAULT TREES CDS-PMPS2.136E-6CDS-MDP-CF-RUN8.620E-5CDS-MDP-CF-STARTCDP-LOOPTRUELOOP-NONVITALCDS-LOOP11.000E-2OPR-XHE-XL-NONVITALCDS-LOOP2HCI RCICDS-PMPS-1CDS-PMPS-2FALSECDS-MDP-A-IE-FA1.200E-4CDS-MDP-FR-PUMPA2.000E-3CDS-MDP-FS-PUMPACDS-PMPS-31.200E-4CDS-MDP-FR-PUMPB2.000E-3CDS-MDP-FS-PUMPBCONDENSATE PUMPTRAINS ARE UNAVAILABLECDS PUMP B FAILSCDS PUMP A FAILSCONDENSATE PUMPTRAINS FAILHPCI FAILS TOPROVIDE SUFFICIENTFLOW TO RX VESSELRCIC FAILS TOPROVIDE SUFFICIENTFLOW TO REACTORFAILURE OF HPCI/RCICPRECLUDES CREDITFOR CDS RECOVERYRECOVERY OFOFFSITE POWERTO NONVITAL BUSESIN A TIMELY MANNERNO POWER TOCONDENSATE PUMPSCDS train Afails due toinitiating event(default valueis FALSE)CONDENSATE PUMPP-1B FAILS TORUNCDS PUMP B FAILSTO STARTCONDENSATE PUMPSFAIL FROM COMMONCAUSE TO STARTCONDENSATE PUMPSFAIL FROM COMMONCAUSE TO RUNCDS PUMP A FAILSTO STARTCONDENSATE PUMPP-1A FAILS TORUNOPERATOR RESTORESPOWER TO NONVITAL BUSLOSS OF OFFSITEPOWER TO NON-SAFETYBUSES HAS OCCURRED Figure C-1: Modified CDS-PMPS Fault Tree.

C-1 LER 263/08-005 HCI-TDP1.200E-5HCI-CKV-CC-181.000E-3HCI-MOV-CC-INJEC1.200E-2HCI-TDP-TM-TRAIN1.000E-2TDP-XHE-XL-LEVELHCI-TDP-17.000E-3HCI-TDP-FS-TRAINTRUEHCI-XHE-XL-STARTHCI-TDP-24.102E-3HCI-TDP-FR-TRAINTRUEHCI-XHE-XL-RUNHCI-TDP-31.500E-1HCI-MOV-CC-IVFRO1.500E-1HCI-MULTIPLE-INJECT8.000E-1HCI-XHE-XL-INJECTHPCI INJECTIONVALVE FAILS TOREOPENHPCI FAILS TO RUNHPCI FAILS TOSTARTHPCI PUMP TRAINIS UNAVAILABLEOPERATOR FAILSTO RECOVER HPCIFAILURE TO STARTOPERATOR FAILSTO RECOVER HPCIFAILURE TO RUNHPCI PUMP P-209FAILS TO RUNGIVEN IT STARTEDHPCI PUMP P-209FAILS TO STARTHPCI INJECTIONCHECK VALVE HPCI-18FAILS TO OPENHPCI TRAIN ISUNAVAILABLE BECAUSEOF MAINTENANCEOPERATOR FAILSTO RECOVER HPCIINJECTION VALVEREOPENINGHPCI INJECTIONVALVE (HPCI-2067)CAUSES FAILURETO STARTPROBABILITYOF MULTIPLE HPCIINJECTIONSHPCI INJECTIONVALVE (MOV HPCI-2061)FAILS TO REOPENOPERATOR FAILS TOSECURE TDPs PRIOR TOWATER INDUCTIONFigure C-2: Modified HCI-TDP Fault Tree.

C-2 LER 263/08-005 RCI-TDP1.200E-5RCI-CKV-CC-221.000E-3RCI-MOV-CC-21061.000E-3RCI-MOV-CC-21071.000E-2RCI-TDP-TM-TRAIN C-3 1.000E-2TDP-XHE-XL-LEVELRCI-TDP-17.000E-3RCI-TDP-FS-TRAINTRUERCI-XHE-XL-STARTRCI-TDP-24.102E-3RCI-TDP-FR-TRAINTRUERCI-XHE-XL-RUNRCI-TDP-31.500E-1RCI-RESTART8.000E-2RCI-TDP-FS-RSTRT2.500E-1RCI-XHE-XL-RSTRTRCI-TDP-47.968E-3RCI-MOV-FC-XFER2.500E-1RCI-XHE-XL-XFERRCIC FAILS TOTRANSFER DURINGRECIRCULATIONRESTART OF RCICFAILS IF REQUIREDRCIC PUMP FAILSTO RUNRCIC PUMP FAILSTO STARTRCICOPERATOR FAILSTO RECOVER SUCTNXFER FAILUREOPERATOR FAILSTO RECOVER RCICFAILURE TO RESTARTRCIC FAILS TORESTART GIVENSTART AND SHORT-TERM RUNRCIC FAILS TOTRANSFER DURINGRECIRCULATIONOPERATOR FAILSTO RECOVER RCICFAILURE TO STARTOPERATOR FAILSTO RECOVER RCICFAILURE TO RUNRCIC PUMP P-207FAILS TO RUNGIVEN THAT ITSTARTEDRCIC PUMP P-207FAILS TO STARTRCIC PUMP TRAINIS UNAVAILABLEBECAUSE OF MAINTENANCERCIC INJECTIONCKV 22 FAILSTO OPENRCIC INJECTIONMOV RCIC-2107FAILS TO OPENRCIC INJECTIONMOV RCIC-2106FAILS TO OPENRESTART OF RCICIS REQUIREDOPERATOR FAILS TOSECURE TDPs PRIOR TOWATER INDUCTIONFigure C-3: Modified RCI-TDP Fault Tree.